mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 03:54:21 +00:00
e57a9b57c8
# Which Problems Are Solved ZITADEL currently always uses `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` in SAML requests, relying on the IdP to respect that flag and always return a peristent nameid in order to be able to map the external user with an existing user (idp link) in ZITADEL. In case the IdP however returns a `urn:oasis:names:tc:SAML:2.0:nameid-format:transient` (transient) nameid, the attribute will differ between each request and it will not be possible to match existing users. # How the Problems Are Solved This PR adds the following two options on SAML IdP: - **nameIDFormat**: allows to set the nameid-format used in the SAML Request - **transientMappingAttributeName**: allows to set an attribute name, which will be used instead of the nameid itself in case the returned nameid-format is transient # Additional Changes To reduce impact on current installations, the `idp_templates6_saml` table is altered with the two added columns by a setup job. New installations will automatically get the table with the two columns directly. All idp unit tests are updated to use `expectEventstore` instead of the deprecated `eventstoreExpect`. # Additional Context Closes #7483 Closes #7743 --------- Co-authored-by: peintnermax <max@caos.ch> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| email_integration_test.go | ||
| email.go | ||
| otp_integration_test.go | ||
| otp.go | ||
| passkey_integration_test.go | ||
| passkey_test.go | ||
| passkey.go | ||
| password_integration_test.go | ||
| password_test.go | ||
| password.go | ||
| phone_integration_test.go | ||
| phone.go | ||
| query_integration_test.go | ||
| query.go | ||
| server.go | ||
| totp_integration_test.go | ||
| totp_test.go | ||
| totp.go | ||
| u2f_integration_test.go | ||
| u2f_test.go | ||
| u2f.go | ||
| user_integration_test.go | ||
| user_test.go | ||
| user.go | ||